github.com/google/osv-scalibr@v0.4.1/veles/secrets/openai/detector.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package openai
    16  
    17  import (
    18  	"regexp"
    19  
    20  	"github.com/google/osv-scalibr/veles"
    21  	"github.com/google/osv-scalibr/veles/secrets/common/simpletoken"
    22  )
    23  
// maxTokenLength is the value NewDetector passes as MaxLen to
// simpletoken.Detector. It is meant as the maximum size of an OpenAI API key.
// NOTE(review): presumably an upper bound, in bytes, on a single match. How a
// longer candidate is treated is decided inside simpletoken; confirm there.
const maxTokenLength = 200

// keyRe matches OpenAI API keys by the marker "T3BlbkFJ" embedded in them,
// which is the base64 encoding of the ASCII string "OpenAI".
//
// A single pattern covers all three key shapes, because the run that follows
// "sk-" may itself contain '-' and '_':
//
//	sk-[chars]T3BlbkFJ[chars]          (legacy)
//	sk-proj-[chars]T3BlbkFJ[chars]     (project)
//	sk-svcacct-[chars]T3BlbkFJ[chars]  (service account)
//
// The marker is what keeps false positives down. Limits of the pattern that a
// reader relying on it should know:
//   - It is unanchored, so "sk-" is also matched when it is the tail of a
//     longer word.
//   - The run before the marker may be empty and the run after it needs only
//     one character, so the pattern sets no minimum key length.
//   - The run after the marker is greedy and unbounded in the pattern itself;
//     any length cap has to come from the detector configuration.
var keyRe = regexp.MustCompile(`sk-[A-Za-z0-9_-]*T3BlbkFJ[A-Za-z0-9_-]+`)
    37  
// NewDetector builds the veles.Detector for OpenAI API keys. It is a
// simpletoken.Detector configured with keyRe (legacy, project and service
// account formats) and maxTokenLength.
//
// Every match is reported as a secret: the conversion callback always returns
// true and applies no check beyond the regular expression, so precision rests
// entirely on keyRe. Whether a finding is a live credential is not decided
// here.
//
// The returned APIKey carries the matched key text verbatim, so code that logs
// or exports findings should treat it as sensitive.
func NewDetector() veles.Detector {
	// Wrap the raw match bytes in the package's secret type.
	toSecret := func(match []byte) (veles.Secret, bool) {
		return APIKey{Key: string(match)}, true
	}
	return simpletoken.Detector{
		Re:        keyRe,
		MaxLen:    maxTokenLength,
		FromMatch: toSecret,
	}
}